Sony Data Breach Lawsuit Settlement Gets Final Approval

A federal judge in Los Angeles has given final approval to a multimillion-dollar settlement that finally ends a class action lawsuit against Sony Pictures stemming from a massive data breach suffered by the studio in November 2014 that exposed the personal data of thousands of employees online, Deadline Hollywood reports.

The settlement approved by Judge R. Gary Klausner for 435,000 certified class action members includes a maximum of $10,000 per individual plus $1,000-$3,000 to the group of initial plaintiffs, according to Deadline Hollywood, making the total price to Sony Pictures for the data breach approximately $15 million.

Deadline Hollywood also reports the settlement requires Sony Pictures to provide identity theft protection until the end of 2017 and a fund to compensate members who paid to protect themselves after the data breach. The ongoing identity theft protection for the data breach could see Sony Pictures paying out over $4 million.

As reported earlier by ESR News Blog, two former Sony employees filed a class action lawsuit against Sony in December 2014 claiming that the company did not take adequate measures to prevent a “massive” data breach that compromised the personal data of thousands of current and former Sony employees.

According to the complaint, Sony Pictures “failed to secure its computer systems, servers, and databases despite weaknesses it has known about for years.” The lawsuit also claimed sensitive data including Social Security numbers, employment files, and medical information was leaked to the public in the data breach.

The Sony Pictures data breach lawsuit settlement underscores why businesses must always ensure information security to prevent embarrassing and costly data breach incidents that harm a company’s reputation and bottom line. This data breach is just one example among many.

In March 2016, the ESR News Blog reported that Home Depot Inc. agreed to pay $19.5 million – $13 million to settle class action lawsuits and $6.5 million for identity protection services – to compensate approximately 40 to 50 million consumers affected by another massive data breach in 2014.